﻿using DotNetNuke.Security.Permissions;

namespace BrandonHaynes.Providers.AmazonS3
	{
	/// <summary>
	/// A class representing a kludged S3 permission for use in authorization.
	/// 
	/// This avoids an issue with the DotNetNuke core -- for whatever reason, not all authorization
	/// checks are determined via the CanViewFolder method, and are instead (sometimes) evaluated
	/// via HasFolderPermission("READ", ...).  Even more unfortunately, the HasFolderPermission
	/// method does not include the folder itself for evaluation, only a set of permissions.
	/// So, if we return no permissions, we have no context to evaluate during authorization.
	///
	/// As a complete kludge, we return a "fake" S3-tagged permission object with 
	/// enough context to evaluate during authorization.  When/if the authorization side is
	/// enhanced to include the actual entity being authorized (and a principal!), we can
	/// remove all this artifice.  See work item DNN-10039 for progress on this.
	/// </summary>
	class S3Permission : FolderPermissionInfo
		{
		/// <summary>
		/// Constructor that requires just enough context to effectuate authorization in the 
		/// permission provider.
		/// </summary>
		public S3Permission(int portalId, string folderPath)
			: base()
			{
			this.PortalID = portalId;
			this.FolderID = S3Folder.MakeId(S3Folder.MakeBucketName(folderPath));
			this.FolderPath = folderPath;
			}
		}
	}
